The Infrastructure Security Officer is responsible for the implementation and validation of security controls, operations, and management of cyber and information security solutions for the protection of the bank’s information systems and networks. The successful candidate will also be responsible for recommending, implementing, and enforcing security or/and technical controls to mitigate risks identified on the bank’s network.
KEY RESPONSIBILITIES
• Risk and Vulnerability Management
– Conduct periodic review of critical production IT infrastructure assets (Network Devices, Servers, Storage, Firewalls, links, VMWare, etc.) and ensure they are integrated into the Bank’s SIEM solution.
– Conduct regular vulnerability scans on IT infrastructure Assets and facilitates remediation by MIS.
– Proactively evaluate IT infrastructure environment against published information from intelligence sources to identify and address gaps and indicators of compromise.
• Information Security Controls and Solutions
– Conduct review of Endpoints to identify deviations from established security baselines.
– Perform security reviews of servers and network infrastructure devices against established security baselines.
– Lead the operation and maintenance of technical controls to address the risk associated with the use of privilege accounts.
• IT/Technology Project Implementation
– Conduct vulnerability and security architecture assessments for new technology infrastructure introduced into the production environment.
– Facilitate the design and implementation of security control requirements for new IT infrastructure deployments.
• Change Management
– Review change requests and provide recommendations to stakeholders
– Secretary to the Change Advisory Committee (CAC)
• Security Incident Management
– Provide second level support for investigation and analysis of identified and reported security incidents by the SOC
– Actively participate in the incident response process and activities.
• Information Security Projects
• Cyber and Information Security Management Framework
– Conduct regular security reviews to ensure that the bank is in compliance with the ISO 27001, PCI DSS, SWIFT Customer Security Program (SCP) and BoG CISD requirements.
QUALIFICATION/EXPERIENCE
– Bachelor’s Degree in Computer Science, Information Technology, Electrical Engineering. or a related field.
– Minimum of 5+ years of Banking Experience in the field of Information Security Management or Systems Auditing.
– Industry certification on any systems or network infrastructure required e.g. (MCITP) or (CCNA), etc.
– Other Professional Security certifications. ((CEH) / (CHFI)), Professional certifications of CISSP, CISM, and CISA would be an advantage
– Broad knowledge of a range of standards, frameworks, and methodologies— (ISO) 27001/2, PCI DSS, NIST Cyber Security Framework, (ITIL), COBIT
– Familiarity with regulatory security requirements in Ghana